webhook

package
v1.96.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 14, 2024 License: Apache-2.0 Imports: 32 Imported by: 94

Documentation

Index

Constants

View Source
const (
	// NamePrefix is the prefix used for {Valida,Muta}tingWebhookConfigurations of extensions.
	NamePrefix = "gardener-extension-"
	// NameSuffixShoot is the suffix used for {Valida,Muta}tingWebhookConfigurations of extensions targeting a shoot.
	NameSuffixShoot = "-shoot"
	// ModeService is a constant for the webhook mode indicating that the controller is running inside of the Kubernetes cluster it
	// is serving.
	ModeService = "service"
	// ModeURL is a constant for the webhook mode indicating that the controller is running outside of the Kubernetes cluster it
	// is serving. If this is set then a URL is required for configuration.
	ModeURL = "url"
	// ModeURLWithServiceName is a constant for the webhook mode indicating that the controller is running outside of the Kubernetes cluster it
	// is serving but in the same cluster like the kube-apiserver. If this is set then a URL is required for configuration.
	ModeURLWithServiceName = "url-service"
)
View Source
const (
	// ActionMutating defines the webhook as a mutating webhook.
	ActionMutating = "mutating"
	// ActionValidating defines the webhook as a validating webhook.
	ActionValidating = "validating"
	// TargetSeed defines that the webhook is to be installed in the seed.
	TargetSeed = "seed"
	// TargetShoot defines that the webhook is to be installed in the shoot.
	TargetShoot = "shoot"
)

Variables

This section is empty.

Functions

func AppendUniqueUnit

func AppendUniqueUnit(units *[]extensionsv1alpha1.Unit, unit extensionsv1alpha1.Unit)

AppendUniqueUnit appens a unit only if it does not exist.

func BuildClientConfigFor added in v1.62.0

func BuildClientConfigFor(webhookPath string, namespace, componentName string, servicePort int, mode, url string, caBundle []byte) admissionregistrationv1.WebhookClientConfig

BuildClientConfigFor builds the client config for a webhook.

func BuildWebhookConfigs added in v1.48.0

func BuildWebhookConfigs(
	webhooks []*Webhook,
	c client.Client,
	namespace, providerName string,
	servicePort int,
	mode, url string,
	caBundle []byte,
) (
	seedWebhookConfigs Configs,
	shootWebhookConfigs Configs,
	err error,
)

BuildWebhookConfigs builds webhook.Configs for seed and shoot from the given webhooks slice.

func ContainerWithName

func ContainerWithName(containers []corev1.Container, name string) *corev1.Container

ContainerWithName returns the first container with the specified name from the slice, or nil if not found.

func DeserializeCommandLine

func DeserializeCommandLine(s string) []string

DeserializeCommandLine de-serializes the given string to a slice of command line elements by splitting it on white space and the "\" character.

func EnsureAnnotationOrLabel

func EnsureAnnotationOrLabel(annotationOrLabelMap map[string]string, key, value string) map[string]string

EnsureAnnotationOrLabel ensures the given key/value exists in the annotationOrLabelMap map.

func EnsureContainerWithName

func EnsureContainerWithName(items []corev1.Container, item corev1.Container) []corev1.Container

EnsureContainerWithName ensures that a Container with a name equal to the name of the given Container exists in the given slice and the first item in the list would be equal to the given Container.

func EnsureEnvVarWithName

func EnsureEnvVarWithName(items []corev1.EnvVar, item corev1.EnvVar) []corev1.EnvVar

EnsureEnvVarWithName ensures that a EnvVar with a name equal to the name of the given EnvVar exists in the given slice and the first item in the list would be equal to the given EnvVar.

func EnsureFileWithPath

func EnsureFileWithPath(items []extensionsv1alpha1.File, item extensionsv1alpha1.File) []extensionsv1alpha1.File

EnsureFileWithPath ensures that a file with a path equal to the path of the given file exists in the given slice and is equal to the given file.

func EnsureNoContainerWithName

func EnsureNoContainerWithName(items []corev1.Container, name string) []corev1.Container

EnsureNoContainerWithName ensures that a Container with the given name does not exist in the given slice.

func EnsureNoEnvVarWithName

func EnsureNoEnvVarWithName(items []corev1.EnvVar, name string) []corev1.EnvVar

EnsureNoEnvVarWithName ensures that a EnvVar with the given name does not exist in the given slice.

func EnsureNoPVCWithName

func EnsureNoPVCWithName(items []corev1.PersistentVolumeClaim, name string) []corev1.PersistentVolumeClaim

EnsureNoPVCWithName ensures that a PVC with the given name does not exist in the given slice.

func EnsureNoStringWithPrefix

func EnsureNoStringWithPrefix(items []string, prefix string) []string

EnsureNoStringWithPrefix ensures that a string having the given prefix does not exist in the given slice.

func EnsureNoStringWithPrefixContains

func EnsureNoStringWithPrefixContains(items []string, prefix, value, sep string) []string

EnsureNoStringWithPrefixContains ensures that either a string having the given prefix does not exist in the given slice, or it doesn't contain the given value in a list separated by sep.

func EnsureNoVolumeMountWithName

func EnsureNoVolumeMountWithName(items []corev1.VolumeMount, name string) []corev1.VolumeMount

EnsureNoVolumeMountWithName ensures that a VolumeMount with the given name does not exist in the given slice.

func EnsureNoVolumeWithName

func EnsureNoVolumeWithName(items []corev1.Volume, name string) []corev1.Volume

EnsureNoVolumeWithName ensures that a Volume with the given name does not exist in the given slice.

func EnsurePVCWithName

EnsurePVCWithName ensures that a PVC with a name equal to the name of the given PVC exists in the given slice and the first item in the list would be equal to the given PVC.

func EnsureStringWithPrefix

func EnsureStringWithPrefix(items []string, prefix, value string) []string

EnsureStringWithPrefix ensures that a string having the given prefix exists in the given slice and all matches are with a value equal to prefix + value.

func EnsureStringWithPrefixContains

func EnsureStringWithPrefixContains(items []string, prefix, value, sep string) []string

EnsureStringWithPrefixContains ensures that a string having the given prefix exists in the given slice and all matches contain the given value in a list separated by sep.

func EnsureUnitOption

func EnsureUnitOption(items []*unit.UnitOption, item *unit.UnitOption) []*unit.UnitOption

EnsureUnitOption ensures the given unit option exist in the given slice.

func EnsureUnitWithName added in v1.88.0

func EnsureUnitWithName(items []extensionsv1alpha1.Unit, item extensionsv1alpha1.Unit) []extensionsv1alpha1.Unit

EnsureUnitWithName ensures that an unit with a name equal to the name of the given unit exists in the given slice and is equal to the given unit.

func EnsureVPAContainerResourcePolicyWithName added in v1.73.0

EnsureVPAContainerResourcePolicyWithName ensures that a container policy with a name equal to the name of the given container policy exists in the given slice and the first item in the list would be equal to the given container policy.

func EnsureVolumeMountWithName

func EnsureVolumeMountWithName(items []corev1.VolumeMount, item corev1.VolumeMount) []corev1.VolumeMount

EnsureVolumeMountWithName ensures that a VolumeMount with a name equal to the name of the given VolumeMount exists in the given slice and the first item in the list would be equal to the given VolumeMount.

func EnsureVolumeWithName

func EnsureVolumeWithName(items []corev1.Volume, item corev1.Volume) []corev1.Volume

EnsureVolumeWithName ensures that a Volume with a name equal to the name of the given Volume exists in the given slice and the first item in the list would be equal to the given Volume.

func FileWithPath

func FileWithPath(files []extensionsv1alpha1.File, path string) *extensionsv1alpha1.File

FileWithPath returns the first file with the specified path from the slice, or nil if not found.

func GetCABundleFromWebhookConfig added in v1.48.0

func GetCABundleFromWebhookConfig(obj client.Object) ([]byte, error)

GetCABundleFromWebhookConfig finds the first non-empty Webhooks[0].ClientConfig.CABundle from the given webhook config.

func InjectCABundleIntoWebhookConfig added in v1.48.0

func InjectCABundleIntoWebhookConfig(obj client.Object, caBundle []byte) error

InjectCABundleIntoWebhookConfig sets the given CA bundle in all webhook client config in the given webhook config.

func LogMutation

func LogMutation(logger logr.Logger, kind, namespace, name string)

LogMutation provides a log message.

func NewHandlerWithShootClient

func NewHandlerWithShootClient(mgr manager.Manager, types []Type, mutator MutatorWithShootClient, logger logr.Logger) (http.Handler, error)

NewHandlerWithShootClient creates a new handler for the given types, using the given mutator, and logger.

func OverwriteWebhooks added in v1.48.0

func OverwriteWebhooks(current, desired client.Object) error

OverwriteWebhooks sets current.Webhooks to desired.Webhooks for all kinds and version of webhook configs.

func PVCWithName

PVCWithName returns the first PersistentVolumeClaim with the specified name from the slice, or nil if not found.

func PrefixedName added in v1.62.0

func PrefixedName(componentName string) string

PrefixedName does not prefix the component name if it starts with "gardener-". Otherwise, it prefixes it with "gardener-extension-".

func ReconcileSeedWebhookConfig added in v1.48.0

func ReconcileSeedWebhookConfig(ctx context.Context, c client.Client, webhookConfig client.Object, ownerNamespace string, caBundle []byte) error

ReconcileSeedWebhookConfig reconciles the given webhook config in the seed cluster. If a CA bundle is given, it is injected it into all desired webhooks. If not, the CA bundle from the webhook config on the cluster (if any) is kept.

func SerializeCommandLine

func SerializeCommandLine(command []string, n int, sep string) string

SerializeCommandLine serializes the given command line elements slice to a string by joining the first n+1 elements with a space " ", and all subsequent elements with the given separator.

func StringWithPrefixIndex

func StringWithPrefixIndex(items []string, prefix string) int

StringWithPrefixIndex returns the index of the first occurrence of a string having the given prefix in the given slice, or -1 if not found.

func UnitOptionWithSectionAndName

func UnitOptionWithSectionAndName(opts []*unit.UnitOption, section, name string) *unit.UnitOption

UnitOptionWithSectionAndName returns the first unit option with the specified section and name from the slice, or nil if not found.

func UnitWithName

func UnitWithName(units []extensionsv1alpha1.Unit, name string) *extensionsv1alpha1.Unit

UnitWithName returns the first unit with the specified name from the slice, or nil if not found.

Types

type Args added in v1.4.0

type Args struct {
	Provider          string
	Name              string
	Path              string
	Target            string
	NamespaceSelector *metav1.LabelSelector
	ObjectSelector    *metav1.LabelSelector
	Predicates        []predicate.Predicate
	Validators        map[Validator][]Type
	Mutators          map[Mutator][]Type
}

Args contains Webhook creation arguments.

type Configs added in v1.85.0

type Configs struct {
	MutatingWebhookConfig   *admissionregistrationv1.MutatingWebhookConfiguration
	ValidatingWebhookConfig *admissionregistrationv1.ValidatingWebhookConfiguration
}

Configs contains mutating and validating webhook configurations.

func (*Configs) DeepCopy added in v1.85.0

func (c *Configs) DeepCopy() *Configs

DeepCopy returns a deep copy of the 'Configs' object.

func (*Configs) GetWebhookConfigs added in v1.85.0

func (c *Configs) GetWebhookConfigs() []client.Object

GetWebhookConfigs returns a slice of webhook configurations.

func (*Configs) HasWebhookConfig added in v1.85.0

func (c *Configs) HasWebhookConfig() bool

HasWebhookConfig returns true if 'Configs' contains at least one webhook configuration.

type HandlerBuilder added in v1.4.0

type HandlerBuilder struct {
	// contains filtered or unexported fields
}

HandlerBuilder contains information which are required to create an admission handler.

func NewBuilder added in v1.4.0

func NewBuilder(mgr manager.Manager, logger logr.Logger) *HandlerBuilder

NewBuilder creates a new HandlerBuilder.

func (*HandlerBuilder) Build added in v1.4.0

func (b *HandlerBuilder) Build() (admission.Handler, error)

Build creates a new admission.Handler with the settings previously specified with the HandlerBuilder's functions.

func (*HandlerBuilder) WithMutator added in v1.4.0

func (b *HandlerBuilder) WithMutator(mutator Mutator, types ...Type) *HandlerBuilder

WithMutator adds the given mutator for the given types to the HandlerBuilder.

func (*HandlerBuilder) WithPredicates added in v1.4.0

func (b *HandlerBuilder) WithPredicates(predicates ...predicate.Predicate) *HandlerBuilder

WithPredicates adds the given predicates to the HandlerBuilder.

func (*HandlerBuilder) WithValidator added in v1.4.0

func (b *HandlerBuilder) WithValidator(validator Validator, types ...Type) *HandlerBuilder

WithValidator adds the given validator for the given types to the HandlerBuilder.

type Mutator

type Mutator interface {
	// Mutate validates and if needed mutates the given object.
	// "old" is optional and it must always be checked for nil.
	Mutate(ctx context.Context, new, old client.Object) error
}

Mutator validates and if needed mutates objects.

type MutatorWithShootClient

type MutatorWithShootClient interface {
	// Mutate validates and if needed mutates the given object.
	// "old" is optional and it must always be checked for nil.
	Mutate(ctx context.Context, new, old client.Object, shootClient client.Client) error
}

MutatorWithShootClient validates and if needed mutates objects. It needs the shoot client.

type Type added in v1.39.0

type Type struct {
	Obj         client.Object
	Subresource *string
}

Type contains information about the Kubernetes object types and subresources the webhook acts upon.

type Validator added in v1.4.0

type Validator interface {
	Validate(ctx context.Context, new, old client.Object) error
}

Validator validates objects.

type Webhook

type Webhook struct {
	Action            string
	Name              string
	Provider          string
	Path              string
	Target            string
	Types             []Type
	Webhook           *admission.Webhook
	Handler           http.Handler
	NamespaceSelector *metav1.LabelSelector
	ObjectSelector    *metav1.LabelSelector
	FailurePolicy     *admissionregistrationv1.FailurePolicyType
	TimeoutSeconds    *int32
}

Webhook is the specification of a webhook.

func New added in v1.4.0

func New(mgr manager.Manager, args Args) (*Webhook, error)

New creates a new Webhook with the given args.

Directories

Path Synopsis
mock
Package mock is a generated GoMock package.
Package mock is a generated GoMock package.
genericmutator/mock
Package mock is a generated GoMock package.
Package mock is a generated GoMock package.
Package mock is a generated GoMock package.
Package mock is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL